Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/c71daf-dd66-41d8-b04f-da88b6bdb316/1/KKdQlWRaTVrTyLvNojmsJTGkLPc.roa
File:                     KKdQlWRaTVrTyLvNojmsJTGkLPc.roa (raw, json)
Hash identifier:          KxoZF5J0oySt+hq/SPit5iMq2vxvUYxJB4/EowuYxCk=
Subject key identifier:   28:A7:50:95:64:5A:4D:5A:D3:C8:BB:CD:A2:39:AC:25:31:A4:2C:F7
Certificate issuer:       /CN=581ecc1a74cf92ab619c5f710123937ce50d9c43
Certificate serial:       018D3C8209FEEBBC0189B72BB382A38ED0F8
Authority key identifier: 58:1E:CC:1A:74:CF:92:AB:61:9C:5F:71:01:23:93:7C:E5:0D:9C:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WB7MGnTPkqthnF9xASOTfOUNnEM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/c71daf-dd66-41d8-b04f-da88b6bdb316/1/KKdQlWRaTVrTyLvNojmsJTGkLPc.roa
Signing time:             Wed 24 Jan 2024 17:26:11 +0000
ROA not before:           Wed 24 Jan 2024 17:26:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205296
IP address blocks:        185.222.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/c71daf-dd66-41d8-b04f-da88b6bdb316/1/WB7MGnTPkqthnF9xASOTfOUNnEM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/c71daf-dd66-41d8-b04f-da88b6bdb316/1/WB7MGnTPkqthnF9xASOTfOUNnEM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WB7MGnTPkqthnF9xASOTfOUNnEM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3c:82:09:fe:eb:bc:01:89:b7:2b:b3:82:a3:8e:d0:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=581ecc1a74cf92ab619c5f710123937ce50d9c43
        Validity
            Not Before: Jan 24 17:26:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28a75095645a4d5ad3c8bbcda239ac2531a42cf7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:50:df:da:4c:c6:70:fb:39:82:d8:e3:12:5a:
                    c5:30:c8:b7:8f:15:01:49:54:b8:17:97:51:bc:10:
                    94:4c:5c:6e:8a:99:a3:18:2e:bc:ff:91:37:23:8b:
                    af:c4:3c:21:77:08:94:5c:5f:a5:ac:b4:a9:88:48:
                    41:12:a0:50:5b:e8:09:52:06:1a:3c:fb:1e:36:81:
                    ed:aa:f4:59:a4:3c:c8:52:73:6c:43:26:43:24:77:
                    cd:24:40:1a:38:a6:71:28:03:64:32:49:20:da:f4:
                    22:3a:5c:4e:da:fa:d5:fe:b0:c9:e9:f2:21:04:c4:
                    7a:6a:ae:a1:56:95:ea:2d:64:ee:45:52:bc:9c:e0:
                    46:85:61:7f:67:5c:fc:e2:1d:e6:b1:52:ad:15:8f:
                    23:84:bd:7e:3b:e4:9d:4b:89:97:9c:83:d7:86:e4:
                    fa:e5:fd:9c:d1:5c:f1:38:e6:4c:9a:a1:4b:76:1a:
                    1c:45:52:c1:a3:bd:94:6c:04:82:d7:00:3b:0e:26:
                    e5:84:62:47:67:3e:e3:e4:64:86:75:c0:a9:2e:65:
                    53:25:d9:04:8c:dc:4b:c5:21:a4:b8:5e:67:41:09:
                    f0:ca:9c:e6:29:39:c3:43:b4:1e:56:b1:ee:ff:4e:
                    4b:9c:3e:06:b3:bd:24:3d:90:64:ed:11:c3:20:23:
                    25:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:A7:50:95:64:5A:4D:5A:D3:C8:BB:CD:A2:39:AC:25:31:A4:2C:F7
            X509v3 Authority Key Identifier:
                keyid:58:1E:CC:1A:74:CF:92:AB:61:9C:5F:71:01:23:93:7C:E5:0D:9C:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WB7MGnTPkqthnF9xASOTfOUNnEM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/c71daf-dd66-41d8-b04f-da88b6bdb316/1/KKdQlWRaTVrTyLvNojmsJTGkLPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/c71daf-dd66-41d8-b04f-da88b6bdb316/1/WB7MGnTPkqthnF9xASOTfOUNnEM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:82:64:05:f0:71:57:4c:37:ae:b1:1b:a3:33:9b:73:86:dc:
         75:86:1a:58:8e:5b:b4:54:69:69:3b:66:39:8e:58:88:e8:88:
         6d:e4:16:1e:b8:71:f2:14:98:d8:5b:66:5b:58:f4:a6:40:17:
         14:8d:71:f1:96:62:60:81:18:d2:8e:ba:9b:65:1c:7a:03:ed:
         38:e3:91:ba:99:ff:a1:33:77:14:3c:e4:2b:79:0b:23:ea:8f:
         9e:4b:cc:5f:51:9f:67:c6:db:27:37:0d:9b:13:85:ab:b4:a3:
         e7:11:9f:4c:51:1d:b1:cf:01:69:4d:1f:af:ae:f7:d9:df:e2:
         2c:e1:07:d5:85:80:bd:b0:69:b3:05:6f:6b:8e:2a:54:c7:30:
         be:e5:64:03:59:48:f8:6c:e9:2e:0d:08:40:50:fa:69:82:1e:
         e8:25:3f:ca:78:58:05:2c:84:2d:4d:e0:68:93:f1:c0:f9:69:
         62:52:43:d2:10:34:33:f3:21:e2:14:41:33:6b:2c:cc:ad:c1:
         66:8e:f3:10:f8:f8:15:d4:0c:66:e3:86:8a:e7:e1:6f:23:f2:
         67:86:8c:47:50:f5:62:0f:9a:1d:db:da:02:db:74:dd:ac:73:
         2d:25:4a:54:b9:e2:db:ec:79:90:a4:ce:75:fc:87:cd:10:75:
         a3:d0:0c:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY08ggn+67wBibcrs4KjjtD4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MWVjYzFhNzRjZjkyYWI2MTljNWY3MTAxMjM5MzdjZTUw
ZDljNDMwHhcNMjQwMTI0MTcyNjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGE3NTA5NTY0NWE0ZDVhZDNjOGJiY2RhMjM5YWMyNTMxYTQyY2Y3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVDf2kzGcPs5gtjjElrFMMi3jxUB
SVS4F5dRvBCUTFxuipmjGC68/5E3I4uvxDwhdwiUXF+lrLSpiEhBEqBQW+gJUgYa
PPseNoHtqvRZpDzIUnNsQyZDJHfNJEAaOKZxKANkMkkg2vQiOlxO2vrV/rDJ6fIh
BMR6aq6hVpXqLWTuRVK8nOBGhWF/Z1z84h3msVKtFY8jhL1+O+SdS4mXnIPXhuT6
5f2c0VzxOOZMmqFLdhocRVLBo72UbASC1wA7DiblhGJHZz7j5GSGdcCpLmVTJdkE
jNxLxSGkuF5nQQnwypzmKTnDQ7QeVrHu/05LnD4Gs70kPZBk7RHDICMlhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCinUJVkWk1a08i7zaI5rCUxpCz3MB8GA1UdIwQY
MBaAFFgezBp0z5KrYZxfcQEjk3zlDZxDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0I3TUduVFBrcXRobkY5eEFTT1RmT1VObkVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9jNzFkYWYtZGQ2Ni00MWQ4LWIwNGYt
ZGE4OGI2YmRiMzE2LzEvS0tkUWxXUmFUVnJUeUx2Tm9qbXNKVEdrTFBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9jNzFkYWYtZGQ2Ni00MWQ4LWIwNGYtZGE4OGI2YmRiMzE2
LzEvV0I3TUduVFBrcXRobkY5eEFTT1RmT1VObkVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud4EMA0G
CSqGSIb3DQEBCwUAA4IBAQBkgmQF8HFXTDeusRujM5tzhtx1hhpYjlu0VGlpO2Y5
jliI6Iht5BYeuHHyFJjYW2ZbWPSmQBcUjXHxlmJggRjSjrqbZRx6A+0445G6mf+h
M3cUPOQreQsj6o+eS8xfUZ9nxtsnNw2bE4WrtKPnEZ9MUR2xzwFpTR+vrvfZ3+Is
4QfVhYC9sGmzBW9rjipUxzC+5WQDWUj4bOkuDQhAUPppgh7oJT/KeFgFLIQtTeBo
k/HA+WliUkPSEDQz8yHiFEEzayzMrcFmjvMQ+PgV1Axm44aK5+FvI/JnhoxHUPVi
D5od29oC23TdrHMtJUpUueLb7HmQpM51/IfNEHWj0AwK
-----END CERTIFICATE-----